On 15 November 2012 02:09, Chris Richardson <[email protected]> wrote:
> I have a few questions and comments on this document:
>
> A general comment: What should a log do if it receives multiple
> submissions of the same certificate? It MUST detect and reject
> duplicates? SHOULD detect? What if it receives a certificate
> containing an embedded SCT from itself? MUST/SHOULD/MAY reject?

MAY return the same SCT as last time - this is already fixed in the
next version (which I couldn't submit coz of cutoff dates).

> Section 1.1 fixes the hash algorithm as SHA-256. It makes no mention
> of acceptable digital signature algorithms.
> http://www.certificate-transparency.org/sizes indicates the thinking
> is ECC. Is RSA an acceptable signature algorithm?

Yes, but obviously expensive, since a certificate should usually
contain more than one SCT.

>
> Section 2.1: Shouldn't Version be covered by the signature in a
> SignedCertificateTimestamp? I'd think it would be beneficial to be
> able to verify that the signature was intended for the same version as
> is claimed in the unsigned portion.

Yes, this is already fixed, also.

> Section 2.2 (minor edit): upon first read, the units of old_tree_size
> wasn't clear (leaf count? bytes?) The description of tree_size is
> explicit on the units ("number of entries"). I would appreciate it if
> old_tree_size had similar text.

OK.

> Section 2.3 (minor edit): the last bullet uses the term
> tree_signature, when the rest of the text uses tree_head_signature.

Oops.

I'm travelling this week, but will try to get an update out next week.

>
> Regards,
> Chris
> _______________________________________________
> therightkey mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/therightkey
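An added example, not part of the original message or of the draft: a toy log that returns the same SCT for a duplicate submission and places the version byte inside the signed input, the two behaviours discussed above. Assumptions: the field layout follows the x509_entry form later published in RFC 6962, HMAC-SHA256 stands in for the log's ECDSA or RSA signature, and `ToyLog`, `signed_input` and the sample certificate bytes are hypothetical.

```python
import hashlib
import hmac
import struct

V1 = 0                      # Version
CERTIFICATE_TIMESTAMP = 0   # SignatureType
X509_ENTRY = 0              # LogEntryType


def signed_input(version, timestamp_ms, cert_der, extensions=b""):
    """Bytes the log signs. Version is the first field, so it is covered."""
    header = struct.pack(">BBQH", version, CERTIFICATE_TIMESTAMP,
                         timestamp_ms, X509_ENTRY)
    return (header
            + len(cert_der).to_bytes(3, "big") + cert_der        # opaque<1..2^24-1>
            + struct.pack(">H", len(extensions)) + extensions)   # opaque<0..2^16-1>


class ToyLog:
    def __init__(self, key):
        self._key = key      # stand-in for the log's private signing key
        self._issued = {}    # SHA-256(certificate) -> SCT already returned

    def _sign(self, data):
        # Assumption: a MAC replaces the real public-key signature here.
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def submit(self, cert_der, now_ms):
        fingerprint = hashlib.sha256(cert_der).digest()
        if fingerprint in self._issued:
            # Duplicate submission: return the same SCT as last time.
            return self._issued[fingerprint]
        sct = {"version": V1, "timestamp": now_ms,
               "signature": self._sign(signed_input(V1, now_ms, cert_der))}
        self._issued[fingerprint] = sct
        return sct

    def verify(self, cert_der, sct):
        # The claimed version feeds the signed input, so altering it fails.
        expected = self._sign(
            signed_input(sct["version"], sct["timestamp"], cert_der))
        return hmac.compare_digest(expected, sct["signature"])
```
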
